paybridge 0.4.0 → 0.6.0

package/dist/providers/mercadopago.js

@@ -0,0 +1,297 @@
+"use strict";
+/**
+ * Mercado Pago payment provider
+ * Leading payment platform for Latin America
+ * @see https://www.mercadopago.com/developers/en/reference
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MercadoPagoProvider = void 0;
+const crypto = __importStar(require("crypto"));
+const base_1 = require("./base");
+const fetch_1 = require("../utils/fetch");
+class MercadoPagoProvider extends base_1.PaymentProvider {
+    constructor(config) {
+        super();
+        this.name = 'mercadopago';
+        this.supportedCurrencies = ['BRL', 'ARS', 'USD', 'MXN', 'COP', 'CLP', 'ZAR'];
+        this.baseUrl = 'https://api.mercadopago.com';
+        this.accessToken = config.accessToken;
+        this.webhookSecret = config.webhookSecret;
+        this.sandbox = config.sandbox ?? this.accessToken.startsWith('TEST-');
+    }
+    async apiRequest(method, path, data) {
+        const url = `${this.baseUrl}${path}`;
+        const response = await (0, fetch_1.timedFetch)(url, {
+            method,
+            headers: {
+                Authorization: `Bearer ${this.accessToken}`,
+                'Content-Type': 'application/json',
+            },
+            body: data ? JSON.stringify(data) : undefined,
+        });
+        const json = await response.json();
+        if (!response.ok) {
+            const message = json.message || json.error || `Mercado Pago API error (${method} ${path}): ${response.status}`;
+            throw new Error(message);
+        }
+        return json;
+    }
+    async createPayment(params) {
+        this.validateCurrency(params.currency);
+        const [firstName, ...lastNameParts] = params.customer.name.split(' ');
+        const lastName = lastNameParts.join(' ') || firstName;
+        const metadata = {
+            reference: params.reference,
+            ...(params.metadata || {}),
+        };
+        const requestBody = {
+            items: [
+                {
+                    title: params.description || params.reference,
+                    quantity: 1,
+                    unit_price: params.amount,
+                    currency_id: params.currency,
+                },
+            ],
+            payer: {
+                email: params.customer.email,
+                name: firstName,
+                surname: lastName,
+            },
+            external_reference: params.reference,
+            back_urls: {
+                success: params.urls.success,
+                failure: params.urls.cancel,
+                pending: params.urls.success,
+            },
+            notification_url: params.urls.webhook,
+            auto_return: 'approved',
+            metadata,
+        };
+        const response = await this.apiRequest('POST', '/checkout/preferences', requestBody);
+        const checkoutUrl = this.sandbox ? response.sandbox_init_point : response.init_point;
+        return {
+            id: response.id,
+            checkoutUrl,
+            status: 'pending',
+            amount: params.amount,
+            currency: params.currency.toUpperCase(),
+            reference: params.reference,
+            provider: 'mercadopago',
+            createdAt: new Date().toISOString(),
+            raw: response,
+        };
+    }
+    async createSubscription(params) {
+        this.validateCurrency(params.currency);
+        let frequency;
+        let frequencyType;
+        switch (params.interval) {
+            case 'weekly':
+                frequency = 7;
+                frequencyType = 'days';
+                break;
+            case 'monthly':
+                frequency = 1;
+                frequencyType = 'months';
+                break;
+            case 'yearly':
+                frequency = 12;
+                frequencyType = 'months';
+                break;
+        }
+        const requestBody = {
+            reason: params.description || params.reference,
+            auto_recurring: {
+                frequency,
+                frequency_type: frequencyType,
+                transaction_amount: params.amount,
+                currency_id: params.currency,
+            },
+            payer_email: params.customer.email,
+            back_url: params.urls.success,
+            external_reference: params.reference,
+        };
+        const response = await this.apiRequest('POST', '/preapproval', requestBody);
+        return {
+            id: response.id,
+            checkoutUrl: response.init_point,
+            status: 'pending',
+            amount: params.amount,
+            currency: params.currency.toUpperCase(),
+            interval: params.interval,
+            reference: params.reference,
+            provider: 'mercadopago',
+            startsAt: params.startDate,
+            createdAt: new Date().toISOString(),
+            raw: response,
+        };
+    }
+    async getPayment(id) {
+        const response = await this.apiRequest('GET', `/v1/payments/search?external_reference=${encodeURIComponent(id)}`);
+        if (!response.results || response.results.length === 0) {
+            return {
+                id,
+                checkoutUrl: '',
+                status: 'pending',
+                amount: 0,
+                currency: 'BRL',
+                reference: id,
+                provider: 'mercadopago',
+                createdAt: new Date().toISOString(),
+                raw: response,
+            };
+        }
+        const payment = response.results[0];
+        const currency = (payment.currency_id || 'BRL').toUpperCase();
+        let status = 'pending';
+        if (payment.status === 'approved') {
+            status = 'completed';
+        }
+        else if (payment.status === 'rejected') {
+            status = 'failed';
+        }
+        else if (payment.status === 'cancelled') {
+            status = 'cancelled';
+        }
+        return {
+            id: payment.id?.toString() || id,
+            checkoutUrl: '',
+            status,
+            amount: payment.transaction_amount || 0,
+            currency,
+            reference: payment.external_reference || id,
+            provider: 'mercadopago',
+            createdAt: new Date(payment.date_created || Date.now()).toISOString(),
+            raw: response,
+        };
+    }
+    async refund(params) {
+        const refundData = {};
+        if (params.amount !== undefined) {
+            refundData.amount = params.amount;
+        }
+        const response = await this.apiRequest('POST', `/v1/payments/${params.paymentId}/refunds`, refundData);
+        const currency = (response.payment?.currency_id || 'BRL').toUpperCase();
+        return {
+            id: response.id?.toString() || response.refund_id?.toString(),
+            status: response.status === 'approved' ? 'completed' : 'pending',
+            amount: response.amount || 0,
+            currency,
+            paymentId: params.paymentId,
+            createdAt: new Date(response.date_created || Date.now()).toISOString(),
+            raw: response,
+        };
+    }
+    /**
+     * Parse Mercado Pago webhook notification.
+     * Note: MP webhooks are notification events that require a follow-up API call to get full payment details.
+     * This method returns a pending event; caller should use getPayment(data.id) to fetch real status.
+     */
+    parseWebhook(body, _headers) {
+        const event = typeof body === 'string' ? JSON.parse(body) : body;
+        const eventType = 'payment.pending';
+        return {
+            type: eventType,
+            payment: {
+                id: event.data?.id?.toString() || '',
+                checkoutUrl: '',
+                status: 'pending',
+                amount: 0,
+                currency: 'BRL',
+                reference: '',
+                provider: 'mercadopago',
+                createdAt: new Date().toISOString(),
+            },
+            raw: event,
+        };
+    }
+    verifyWebhook(body, headers) {
+        if (!this.webhookSecret) {
+            return false;
+        }
+        const signature = headers?.['x-signature'] || headers?.['X-Signature'];
+        if (!signature) {
+            return false;
+        }
+        const parts = signature.split(',').reduce((acc, part) => {
+            const [key, value] = part.split('=');
+            if (key && value) {
+                acc[key.trim()] = value.trim();
+            }
+            return acc;
+        }, {});
+        const ts = parts.ts;
+        const v1 = parts.v1;
+        if (!ts || !v1) {
+            return false;
+        }
+        const timestampNum = parseInt(ts, 10);
+        const now = Math.floor(Date.now() / 1000);
+        if (now - timestampNum > 300) {
+            return false;
+        }
+        const requestId = headers?.['x-request-id'] || headers?.['X-Request-Id'];
+        const eventData = typeof body === 'string' ? JSON.parse(body) : body;
+        const dataId = eventData.data?.id || '';
+        const template = `id:${dataId};request-id:${requestId};ts:${ts};`;
+        const computedSig = crypto.createHmac('sha256', this.webhookSecret).update(template, 'utf8').digest('hex');
+        try {
+            const computedBuffer = Buffer.from(computedSig, 'hex');
+            const expectedBuffer = Buffer.from(v1, 'hex');
+            if (computedBuffer.length !== expectedBuffer.length) {
+                return false;
+            }
+            return crypto.timingSafeEqual(computedBuffer, expectedBuffer);
+        }
+        catch {
+            return false;
+        }
+    }
+    getCapabilities() {
+        return {
+            fees: {
+                fixed: 0,
+                percent: 4.99,
+                currency: 'BRL',
+            },
+            currencies: this.supportedCurrencies,
+            country: 'BR',
+            avgLatencyMs: 700,
+        };
+    }
+}
+exports.MercadoPagoProvider = MercadoPagoProvider;

package/dist/providers/mollie.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Mollie payment provider
+ * EU-focused payment gateway supporting 9 currencies
+ * @see https://docs.mollie.com/reference
+ */
+import { PaymentProvider } from './base';
+import { CreatePaymentParams, PaymentResult, CreateSubscriptionParams, SubscriptionResult, RefundParams, RefundResult, WebhookEvent } from '../types';
+import { ProviderCapabilities } from '../routing-types';
+interface MollieConfig {
+    apiKey: string;
+    webhookSecret?: string;
+    sandbox?: boolean;
+}
+export declare class MollieProvider extends PaymentProvider {
+    readonly name = "mollie";
+    readonly supportedCurrencies: string[];
+    private apiKey;
+    private webhookSecret?;
+    private sandbox;
+    private baseUrl;
+    constructor(config: MollieConfig);
+    private apiRequest;
+    createPayment(params: CreatePaymentParams): Promise<PaymentResult>;
+    createSubscription(_params: CreateSubscriptionParams): Promise<SubscriptionResult>;
+    getPayment(id: string): Promise<PaymentResult>;
+    refund(params: RefundParams): Promise<RefundResult>;
+    parseWebhook(body: any, _headers?: any): WebhookEvent;
+    /**
+     * Mollie webhooks have no signature verification scheme.
+     * Security comes from:
+     * 1. Validating source IP (caller's responsibility)
+     * 2. Calling getPayment(id) to verify actual status
+     *
+     * Always returns true to indicate no validation error (Mollie design limitation).
+     */
+    verifyWebhook(_body: string | Buffer, _headers?: any): boolean;
+    getCapabilities(): ProviderCapabilities;
+}
+export {};

package/dist/providers/mollie.js

@@ -0,0 +1,178 @@
+"use strict";
+/**
+ * Mollie payment provider
+ * EU-focused payment gateway supporting 9 currencies
+ * @see https://docs.mollie.com/reference
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MollieProvider = void 0;
+const base_1 = require("./base");
+const fetch_1 = require("../utils/fetch");
+let webhookSecretWarned = false;
+class MollieProvider extends base_1.PaymentProvider {
+    constructor(config) {
+        super();
+        this.name = 'mollie';
+        this.supportedCurrencies = ['EUR', 'USD', 'GBP', 'CHF', 'CAD', 'AUD', 'DKK', 'SEK', 'NOK'];
+        this.baseUrl = 'https://api.mollie.com/v2';
+        this.apiKey = config.apiKey;
+        this.webhookSecret = config.webhookSecret;
+        this.sandbox = config.sandbox ?? this.apiKey.startsWith('test_');
+        if (this.webhookSecret && !webhookSecretWarned) {
+            console.warn('[PayBridge:Mollie] Mollie has no webhook signature scheme. Webhook validation relies on getPayment() round-trip. Validate by source IP if possible.');
+            webhookSecretWarned = true;
+        }
+    }
+    async apiRequest(method, path, data) {
+        const url = `${this.baseUrl}${path}`;
+        const response = await (0, fetch_1.timedFetchOrThrow)(url, {
+            method,
+            headers: {
+                Authorization: `Bearer ${this.apiKey}`,
+                'Content-Type': 'application/json',
+            },
+            body: data ? JSON.stringify(data) : undefined,
+        });
+        return (await response.json());
+    }
+    async createPayment(params) {
+        this.validateCurrency(params.currency);
+        const requestBody = {
+            amount: {
+                value: params.amount.toFixed(2),
+                currency: params.currency,
+            },
+            description: params.description || params.reference,
+            redirectUrl: params.urls.success,
+            cancelUrl: params.urls.cancel,
+            webhookUrl: params.urls.webhook,
+            metadata: {
+                reference: params.reference,
+                ...params.metadata,
+            },
+        };
+        const response = await this.apiRequest('POST', '/payments', requestBody);
+        return {
+            id: response.id,
+            checkoutUrl: response._links.checkout.href,
+            status: 'pending',
+            amount: params.amount,
+            currency: params.currency.toUpperCase(),
+            reference: params.reference,
+            provider: 'mollie',
+            createdAt: response.createdAt || new Date().toISOString(),
+            raw: response,
+        };
+    }
+    async createSubscription(_params) {
+        throw new Error('Mollie subscriptions require Customer + Mandate setup; not yet supported by paybridge. Use the Mollie Customers API directly or choose another provider.');
+    }
+    async getPayment(id) {
+        const response = await this.apiRequest('GET', `/payments/${id}`);
+        let status = 'pending';
+        if (response.status === 'paid') {
+            status = 'completed';
+        }
+        else if (response.status === 'failed' || response.status === 'expired') {
+            status = 'failed';
+        }
+        else if (response.status === 'canceled') {
+            status = 'cancelled';
+        }
+        else if (response.status === 'open' || response.status === 'pending') {
+            status = 'pending';
+        }
+        const currency = (response.amount?.currency || 'EUR').toUpperCase();
+        const amount = response.amount?.value ? parseFloat(response.amount.value) : 0;
+        return {
+            id: response.id,
+            checkoutUrl: response._links?.checkout?.href || '',
+            status,
+            amount,
+            currency,
+            reference: response.metadata?.reference || response.id,
+            provider: 'mollie',
+            createdAt: response.createdAt || new Date().toISOString(),
+            raw: response,
+        };
+    }
+    async refund(params) {
+        const refundData = {
+            description: params.reason || 'Refund',
+        };
+        if (params.amount !== undefined) {
+            const currency = 'EUR';
+            refundData.amount = {
+                value: params.amount.toFixed(2),
+                currency,
+            };
+        }
+        const response = await this.apiRequest('POST', `/payments/${params.paymentId}/refunds`, refundData);
+        const currency = (response.amount?.currency || 'EUR').toUpperCase();
+        const amount = response.amount?.value ? parseFloat(response.amount.value) : 0;
+        let refundStatus = 'pending';
+        if (response.status === 'refunded') {
+            refundStatus = 'completed';
+        }
+        else if (response.status === 'failed') {
+            refundStatus = 'failed';
+        }
+        return {
+            id: response.id,
+            status: refundStatus,
+            amount,
+            currency,
+            paymentId: params.paymentId,
+            createdAt: response.createdAt || new Date().toISOString(),
+            raw: response,
+        };
+    }
+    parseWebhook(body, _headers) {
+        let paymentId;
+        if (typeof body === 'string') {
+            const parsed = new URLSearchParams(body);
+            paymentId = parsed.get('id') || '';
+        }
+        else {
+            paymentId = body.id || '';
+        }
+        return {
+            type: 'payment.pending',
+            payment: {
+                id: paymentId,
+                checkoutUrl: '',
+                status: 'pending',
+                amount: 0,
+                currency: 'EUR',
+                reference: paymentId,
+                provider: 'mollie',
+                createdAt: new Date().toISOString(),
+            },
+            raw: body,
+        };
+    }
+    /**
+     * Mollie webhooks have no signature verification scheme.
+     * Security comes from:
+     * 1. Validating source IP (caller's responsibility)
+     * 2. Calling getPayment(id) to verify actual status
+     *
+     * Always returns true to indicate no validation error (Mollie design limitation).
+     */
+    verifyWebhook(_body, _headers) {
+        return true;
+    }
+    getCapabilities() {
+        return {
+            fees: {
+                fixed: 0.25,
+                percent: 1.8,
+                currency: 'EUR',
+            },
+            currencies: this.supportedCurrencies,
+            country: 'EU',
+            avgLatencyMs: 350,
+        };
+    }
+}
+exports.MollieProvider = MollieProvider;

package/dist/providers/pesapal.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Pesapal payment provider
+ * East Africa-focused payment gateway (Kenya, Uganda, Tanzania)
+ * @see https://developer.pesapal.com/
+ */
+import { PaymentProvider } from './base';
+import { CreatePaymentParams, PaymentResult, CreateSubscriptionParams, SubscriptionResult, RefundParams, RefundResult, WebhookEvent } from '../types';
+import { ProviderCapabilities } from '../routing-types';
+interface PesapalConfig {
+    consumerKey: string;
+    consumerSecret: string;
+    notificationId?: string;
+    username?: string;
+    webhookSecret?: string;
+    sandbox?: boolean;
+}
+export declare class PesapalProvider extends PaymentProvider {
+    readonly name = "pesapal";
+    readonly supportedCurrencies: string[];
+    private consumerKey;
+    private consumerSecret;
+    private notificationId?;
+    private username?;
+    private webhookSecret?;
+    private sandbox;
+    private baseUrl;
+    private tokenCache?;
+    constructor(config: PesapalConfig);
+    private getToken;
+    private apiRequest;
+    createPayment(params: CreatePaymentParams): Promise<PaymentResult>;
+    createSubscription(_params: CreateSubscriptionParams): Promise<SubscriptionResult>;
+    getPayment(id: string): Promise<PaymentResult>;
+    refund(params: RefundParams): Promise<RefundResult>;
+    parseWebhook(body: any, _headers?: any): WebhookEvent;
+    /**
+     * Pesapal IPN has no signature verification scheme.
+     * Security comes from:
+     * 1. Validating source IP (caller's responsibility)
+     * 2. Calling getPayment(id) to verify actual status
+     *
+     * Always returns true to indicate no validation error (Pesapal design limitation).
+     */
+    verifyWebhook(_body: string | Buffer, _headers?: any): boolean;
+    getCapabilities(): ProviderCapabilities;
+}
+export {};